Threat Database Rogue Anti-Spyware Program Vista Internet Security 2011

Vista Internet Security 2011

Vista Internet Security 2011 is a malicious anti-spyware application created to trick users out of their money. Vista Internet Security 2011 is from the same family as Vista Internet Security 2010. Vista Internet Security 2011 is spread by Trojans or fake video codec downloads; once inside a machine it will create a start-up registry entry and disable certain security software. Vista Internet Security 2011 will also display bogus system scanners, pop-up warning and security alerts in order to coerce a user into paying for its full version. Despite the malicious recommendations, do not purchase Vista Internet Security 2011; it is not able to detect or remove malware and should be removed upon detection.

File System Details

Vista Internet Security 2011 may create the following file(s):
# File Name Detections
1. %UserProfile%\AppData\Local\pw.exe
2. %UserProfile%\Local Settings\Application Data\MSASCui.exe
3. %UserProfile%\Local Settings\Application Data\pw.exe
4. %UserProfile%\AppData\Local\MSASCui.exe
5. %UserProfile%\AppData\Local\opRSK
6. %UserProfile%\Local Settings\Application Data\opRSK

Registry Details

Vista Internet Security 2011 may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_CLASSES_ROOT\pezfile
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

Messages

The following messages associated with Vista Internet Security 2011 were found:

Internet Explorer alert. Visiting this site may pose a security threat to your system!
Possible reasons include:
- Dangerous code found in this site?s pages which installed unwanted software into your system.
- Suspicious and potentially unsafe network activity detected.
- Spyware infections in your system
- Complaints from other users about this site.
- Port and system scans performed by the site being visited.
Things you can do:
- Get a copy of Vista Internet Security 2011 to safeguard your PC while surfing the web (RECOMMENDED)
- Run a spyware, virus and malware scan
- Continue surfing without any security measures (DANGEROUS)

Vista Internet Security 2011 Firewall Alert
Vista Internet Security 2011 has blocked a program from accessing the internet
Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties, including credit card details and passwords.

Stealth intrusion!
Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Trending

Most Viewed

Loading...